From the end of Ian's new doc on Application Development:

'''
A basic framework for your SitePage might be:

from WebKit.Page import Page

class SitePage(Page):

    def respond(self, trans):
        if self.securePage():
            if not self.session().value('username', False):
                self.respondLogIn()
                return
                
    def securePage(self):
        """Override this method in your servlets to return True if the
        page should only be accessible to logged-in users -- by default
        pages are publicly viewable"""
        return False

    def respondLogin(self):      #@@ s/b respondLogIn
        # Here we should deal with logging in...
        pass

Obviously there are a lot of details to add in on your own which are
specific to your application and the security and user model you are
using.
'''

I have managed to create an application that deals with session logins
and session timeouts, but have often wondered about the proper way to
handle the process. Could you elaborate on the above a bit more?

Specifically, doesn't the method respond have to call its ancestor in
Page (HTTPServlet)?  What does the method respondLogIn do if it
discovers the session has timed out or this is the request for a login
page rather than an incoming CGI login form?  Why did you choose to
override the method respond rather than awake as in SecurePage.py in
the WebKit Examples?

A few lines of SecurePage have puzzled me as well, this from line 40:

                        # Get login id and immediately clear it from the session
                        loginid = session.value('loginid', None)
                        if loginid:
                                session.delValue('loginid')

...and these from line 58:

                                # Check if they can successfully log in.  The loginid must match
                                # what was previously sent.
                                if request.field('loginid', 'nologin')==loginid and self.loginUser(username, password):
                                        # Successful login.
                                        # Clear out the login parameters
                                        request.delField('username')
                                        request.delField('password')
                                        request.delField('login')
                                        request.delField('loginid')

I have never understood where session.value('loginid') is being set,
why it is being deleted if it exists, why the incoming id must match
the old value, and what is the benefit of doing request.delField(...).

Roger Haase
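
An added illustration, not part of Roger's message and not Webware's code: a stand-alone model of the one-time login id check that the quoted SecurePage lines perform. It assumes the id is generated and stored in the session when the login form is rendered (the message does not show where it is set); the dict-based session and request, the function names and the sample account are constructed for the example.

```python
import hmac
import secrets

USERS = {"alice": "correct horse"}  # constructed sample account

def _same(a, b):
    # Constant-time string comparison.
    return hmac.compare_digest(a.encode(), b.encode())

def render_login_form(session):
    # Assumption: the form handler issues the id, keeps a copy in the
    # session and sends the other copy out as a hidden form field.
    loginid = secrets.token_hex(16)
    session["loginid"] = loginid
    return {"loginid": loginid}

def login_user(username, password):
    return username in USERS and _same(USERS[username], password)

def handle_request(session, fields):
    # Take the id out of the session first, so each issued id can be
    # presented once, whether or not this attempt succeeds.
    loginid = session.pop("loginid", None)
    if session.get("username"):
        return "page"
    posted = fields.get("loginid", "nologin")
    if (loginid is not None and _same(posted, loginid)
            and login_user(fields.get("username", ""),
                           fields.get("password", ""))):
        session["username"] = fields["username"]
        # Remove the login fields from the request, as the quoted code
        # does, so the code that renders the page never sees them.
        for name in ("username", "password", "login", "loginid"):
            fields.pop(name, None)
        return "page"
    render_login_form(session)  # failed or stale: issue a fresh id
    return "login"

def demo():
    session = {}
    post = dict(render_login_form(session), username="alice",
                password="correct horse", login="1")
    replay = dict(post)                       # copy of the submitted form
    first = handle_request(session, post)     # id matches the session copy
    session.pop("username")                   # user logs out
    second = handle_request(session, replay)  # same form posted again
    return first, second, post
```

In demo(), the first post is accepted and the identical post replayed after logout is refused, because the id it carries is no longer in the session.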

